[FEATURE REQUEST] Log/track IP address of Unaccepted minions #67597
nf-brentsaner started this conversation in Feature Requests
Is your feature request related to a problem? Please describe.
(Actually, it'd probably be good to log the client address for all minions, regardless of accepted status.)
Automatically generated minion IDs are non-perfect predictable (that is, they can be the hostname, PTR, etc. etc.). None of these, however, provide any sort of concrete identification for a Minion. This makes it extremely challenging to determine where a key acceptance request came from.
Doubly so if you're trying to track down a duplicated key, or an acceptance request from a cloned VM, etc.
Describe the solution you'd like
The Salt Master's key system should track the client address(es) used, preferably via some kind of relational database (e.g. sqlite3 by default, with the option for something like MySQL/MariaDB or Postgres for wide-scale master infrastructure - master-of-masters, syndic, etc.). This information should then be presented during a salt-key -a confirmation prompt.
At the very LEAST this should be logged; I'm logging at DEBUG and I never saw any sort of mention of this information. This seems like a baffling oversight. This is something that should be logged for auditing purposes at the least.
Describe alternatives you've considered
IDK Netflow I guess. lol. Overkill and silly.
Additional context
N/A
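A sketch of the sqlite3-backed tracking the request describes, as an added example that is not part of the original post and is not Salt code. The table layout, function names, state labels and sample events are all assumptions constructed for illustration; it shows how recording the source address per key request lets an operator spot a cloned key or a reused minion ID.

```python
import sqlite3

# Hypothetical schema: one row per key/auth request seen by the master.
SCHEMA = """CREATE TABLE IF NOT EXISTS key_requests (
    seen_at TEXT NOT NULL,      -- ISO 8601 time of the request
    minion_id TEXT NOT NULL,    -- ID the minion presented
    fingerprint TEXT NOT NULL,  -- fingerprint of the presented public key
    src_addr TEXT NOT NULL,     -- client address observed by the master
    state TEXT NOT NULL         -- hypothetical label: pending/accepted/...
)"""

def open_store(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute(SCHEMA)
    return db

def record(db, seen_at, minion_id, fingerprint, src_addr, state="pending"):
    db.execute("INSERT INTO key_requests VALUES (?, ?, ?, ?, ?)",
               (seen_at, minion_id, fingerprint, src_addr, state))

def addresses_for(db, minion_id):
    """Addresses an acceptance prompt could show next to a minion ID."""
    rows = db.execute("SELECT DISTINCT src_addr FROM key_requests "
                      "WHERE minion_id = ? ORDER BY src_addr", (minion_id,))
    return [r[0] for r in rows]

def _multi(db, key_col, val_col):
    # Values of key_col that were seen with more than one distinct val_col.
    rows = db.execute(
        f"SELECT {key_col}, GROUP_CONCAT(DISTINCT {val_col}) FROM key_requests "
        f"GROUP BY {key_col} HAVING COUNT(DISTINCT {val_col}) > 1")
    return {k: sorted(v.split(",")) for k, v in rows}

def shared_keys(db):
    """Key fingerprints presented from several addresses (e.g. a cloned VM)."""
    return _multi(db, "fingerprint", "src_addr")

def conflicting_ids(db):
    """Minion IDs presented with more than one distinct key."""
    return _multi(db, "minion_id", "fingerprint")

def demo_store():
    # Constructed events; addresses are from documentation ranges.
    db = open_store()
    record(db, "2024-01-01T10:00:00Z", "web01", "fp-A", "192.0.2.10", "accepted")
    record(db, "2024-01-01T10:05:00Z", "db01", "fp-C", "192.0.2.20", "accepted")
    record(db, "2024-01-02T09:00:00Z", "web01-clone", "fp-A", "198.51.100.5")
    record(db, "2024-01-03T11:30:00Z", "web01", "fp-B", "192.0.2.77")
    return db

if __name__ == "__main__":
    db = demo_store()
    print(addresses_for(db, "web01"), shared_keys(db), conflicting_ids(db))
```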